6.9.2 Solution

Then log in using public-key authentication and you
won't be prompted for a passphrase: [Recipe 6.4]

$ ssh -l remoteuser remotehost

Some Linux distributions automatically run
ssh-agent when you log in under an X session
manager. In this case just skip the ssh-agent
invocation.

6.9.3 Discussion

The SSH agent, controlled by the programs
ssh-agent and ssh-add,
maintains a cache of private keys on your local (client) machine. You
load keys into the agent, typing their passphrases to decrypt them.
SSH clients (ssh, scp,
sftp) then query the agent transparently about
keys, rather than prompting you for a passphrase.

The invocation of ssh-agent might look a little
odd with the eval and backticks:

$ eval `ssh-agent`

but it is necessary because ssh-agent prints
several commands on the standard output that set environment
variables when run. To view these commands for testing, run
ssh-agent alone:

A tempting but naive alternative to ssh-agent is a
key with an empty passphrase, called a
plaintext key. If you authenticate with this key,
indeed, no passphrase is needed . . . but this is risky! If a cracker
steals your plaintext key, he can immediately impersonate you on
every machine that contains the corresponding public key.

For interactive use, there is no reason to use a
plaintext key. It's like putting your login password
into a file named password.here.please.steal.me.
Don't do it. Use ssh-agent
instead.

Another way to avoid passphrases is to use hostbased (trusted host)
authentication [Recipe 6.8], but for interactive use
we recommend public-key authentication with
ssh-agent as inherently more secure.